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Appellants* Brief (37 C.FR. § 41.37) 

A fee of SSOO.OO is requiied for filing an Appellants' Brief. Please chaige this fee to IBM 
Corporation D^sit Account No. 094)447. NTo additional fees are believed to be necessary. H, however, 
any additiooal fees are required, I authorize the Comtnissioner to charge these fees yMoh may be required 
v> IBM C or p ora tion Deposit Account No. 09-0447. No extension of time is believed to be necessary. 
however, an extension of time i& required, the extension is requested, and I authorize the Commis6i<Hier to 
chaige any fees for this extension to IBM Cozpatation Deposit Account No. 09*0447. 
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ATTENTION: Board of Patent Appeals and Interferences 



APPELLANTS' BRIEF (37 CFJL § 41 J7) 

This Appeal Brief is in furtherance of the Notice of Appeal filed June 30^ 2005 (37 C.F.R. § 
41.31). 

The fees required under § 41.20(b)(2), and any required petition for extension of time for filing 
this brief and fees fbeiefore, are dealt wifh in the accon^>an>ing Transmittal of Appeal Brief. 

08/30/2005 JBftLIHAN 000000&6 090447 09884311 
^1 FC:1402 500.00 Dfl 

(Appellantft' Brief Page 1 of 25) 
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L Real Party In Interest 

The real party in interest in this appeal is the following party: International Business 
Machines Corporation. 

n. Related Appeals and Interference 

With respect to other appeals and interferences that will directly affect^ or be directly 
affected by, or have a bearing on the Board's decision in the pending ^eal, there are no such 
appeals or interferences, 

in. status of Claims 

The status of the claims involved in this proceeding is as follows: 

1. Claims canceled: NONE 

2. Claims withdrawing from consideration but not canceled: NONE 

3. Claims pending: 1-20 

4. Claims allowed: . NONE 

5. Claims rejected: 1-20 

The claims on appeal are: claims 1-20, 
IV. Status of Amendments 

No amendments to the application were filed subsequent to mailing of the Final Office 

Action. 



(^ellants' Brief P^e 2 of 25) 
Adleret 31.-09/884,311 
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V, Summary of Claimed Sublect Matter 

The present inventioti provides a mechamsm for handling personally identifiable 
information. The present invention seeks to provide controls over how personally identifiahle 
information provided to one party may be distributed by that party to other parties. The 
mechamsm of the present invention inchides providing a first set of object classes (e,g*» 601, 602, 
605 in Figure 6; 701 , 703, 702 in Figure 7) representing active entities (e.g., data subject 301 , 
data user 303, data user 305 in Figure 3; page 10, line 28 to page 1 1, line 1) in an information- 
handling process, wherein a limited number of privacy-related actions represent operations 
performed on data (page 1 1 , lines 14-18). The mechanism of the present invention further 
includes providing a second set of object classes (e.g., 706 and 707 in Figure 7) representing data 
and rules in the information-handling process (e.g., 304 in Figure 3; page 10, lines 20-23), 
wherein at least one object class has the rules associated with the data, and wherein the data 
represents the personally identifiable information (e.g., 705 in Figure 7), The mechanism of the 
present invention also includes processing transactions involving the personally identifiable 
information, using the first and second set of object classes, so as to enforce a privacy policy 
(page 11, lines 2-4), associated with the personally identifiable information and defined by the 
rules (page 1 1, lines 6 and 13-14), against one or more active entities rq)resented by the first set 
of object classes (page 11, lines 6-12). 

The present invention fiirther provides a mechanism for improving the handling of 
personally identifiable information (see page 10, lines 3-15). This mechanism involves 
performing an initial assessment of an infomnation-handling process (eg., 201 in Figure 2). 
constructing a model of the infoimation-handling process (e.g., 203 in Figure 2), based on the 
initial assessment, and providing output (e.g., "feedback'* in Figure 2) based on the initial 
assessment and constructing of the model, diat identifies at least one way in which the personally 
identifiable information could be better handled (e.g., 205 in Figure 2). The constmcting of the 
model may include representing entities, data, and rul^ in the information-handling process by 
using a limited number of object classes, representing op^ations perfomied on data by using a 
limited number of privacy-related actions, and representing transactions by using the limited 
number of object classy and the limited number of privacy-related actions (see Figure 8 and 
description on page 26, line 7 to page 27, line 26). 

CAppcllaota' Brief Page 3 af 25) 
Adleretal- 09/884,311 
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VI. Grounds of Rclcctlon to be Reviewed on Appeal 

Claims 1-20 stand rqected under 3S U.S.C. § 103(a) as being allegedly unpatentable over 
Martin, **Piinciples of Object Oriented Analysis and Design,*' Prentice Hall, 1 993. 

VII# Argnment 



The Office Action rejects claims 1-20 under 35 U.S.C. 103(a) as being allegedly 
anticipated by Martin, 'Trinciplea of Object Oriented Analysis and Design," Prentice Hall, 1993. 
This rejection is respectfully traversed. 

Claim 1 reads as follows: 



1 . A method, in a data processing system, for handling personally identifiable 
information, said method comprising: 

providing, in a computer, a first set of object classes representinjg active 
entities in an information-handling process , wherein a limited number of privacy- 
related actions represent operations performed on data; 

providing, in said computer^ a second set of object classes representing 
data and rules in said information-handling process, i^iierein at least one object 
class has said rules associated with said data, and wherein ^aid data represents 
said personally identifiable infbmiation: and 

processing transactions, in the data processiny system, involving said 
personally identifiable information, using said computer and said first and second 
set of object classes, so as to enforce a privacy policy, associated with the 
persotiallv identifiable information and defined by said rules, apainst one or more 
active entities represented bv said first set of obiect classes , 
(emphasis added) 

Martin does not teach or suggest every element of the claimed invention. Specifically, 
Martin does not teach or suggest a first set of object classes representing active entities in an 
information handling process, a second set of object classes representing data and rules in an 
information handling process, or processing transactions involvitig personally identifiable 
information so as to enforce a privacy policy associated with the personally identifiable 



(AppcUents' Brief Pes© 4 of 25) 
A41creteL-09/884»3II 
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information and defined by rules of the second set of object classes, against one or more active 

entities represented by the first set of object classes, as recited in claim 1 . 

Martin is a textbook that is concerned with describing fhe basic building blocks of object- 
oriented modeling. As such, Martin generally teaches objects, classes, rules» and the like* 
However, Martin does not provide any teaching or suggestion regarding fhe specific arraxigement 
of objects, classes and rules, or tiie processing of transactions using such arrangement of objects, 
classes and rales so as to enforce a privacy poUcy, associated with personally identifiable 
information and defined by rules in a set of object classes, against one or more active entities 
represented by a first set of object classes. No^'^ere in Martin is there any teaching or suggestion 
regarding a first set of object classes representing active entities in an information handling 
process. Nowhere in Martin is there any teaching or suggestion regarding a second set of object 
classes representing data and rules in an information handling process. Nowhere in Martin is 
there any teaching or suggestion to process transactions involving personally identifiable 

information so as to enforce a privacy pohcy associated with the personally identifiable 
information and defined by rules o the second set of object classes, against one or more active 
entities represented by the first set of object classes. 

The Final Office Action alleges that Martin teaches the feature of "providing, in a 
computer^ a first set of object classes representing active entities in an information-handling 
process^ wherein a limited number of privacy-related actions represent operations performed on 
data" at page 19 because, in the Examiner's opinion, the objects are active entities themselves 

and that privacy related actions are the operations to read and manipulate data of the object (see 
Final Office Action, page 4). In the Examin^^s "Response to Amendments" section of the Final 
Office Action (page 2 of the Final Office Action)^ the Examiner explains that , .it is the 
Bxaminer's position that an object as disclosed by Martin, in the field of Object oriented 
program, inherently discloses an active entity." 

Appellants respectfiolly submit that the Examiner must interpret the claims in light of the 
specification and that the specification is a dictionary for the temis used in the claims. Claim 1 
uses the temi "active entity*' and thus, it is the Examiner^s duty when interpreting the claim to 
look to the specification to dctcrmme what the term "active entity" encompasses. According to 
the present specification, an active entity is a human being or legal entity (see page 15, lines 13- 
1 5). The specification does not.state that an "active entity*' is just any object To the contrary, 

(Appellants* Brief Page 5 of 25) 
AdlcfctaL- 09/384,3 11 
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the specification clearly states that aa active entity is a hmnan being or legal entity. 

Claim 1 states that the first set of object classes represent active entities ^'in an 
information-handling process." Thus, using the definition of active entity found in the 
specification, this feature is to be intezpreted as a first set of object classes representing human 
beings or legal entities in an infonnation-handling process. Therofore, the first set of object 
classes do not refer to any object that is involved in information handlings as the Bxaminer 
alleges. To the contrary^ the first set of obj ect classes specifically represent human beings or 
legal entities, i.e. active entities, in an information-handling process. An example of such human 
beings or legal entities is given on page 10» line 28 to page 1 1, line 1 of the present specification 
where it states that the "main actors in EPA are a data subject 301 (i.e< the person who is 
described by the PIT) and one or more data users, 303 or 304 (e.g. different organizations or 
individuals)." Thus, the general objects described in Martin do not teach or suggest using a first 
set of object classes to represent human beings or legal entities^ i.e. active entities, in an 
information-handliiig process. 

In addition to the above, Martin does not teach or suggest a second set of object classes 
representing data and rules in said information-handling process, wherein at least one object class 
has said rules associated with said data, and wherein said data rq)Te$ents said personally 
identifiable information. The Final Office Action alleges that this feature is taught by Martin at 
page 144 in the section entitled "Object Structure Analysis/Object Behavior Analysis'* because 
ttiis section allegedly states that objects are capable of representing data and rules in their 
interrelationships with other objects. While it may be true that objects are capable of 
representing data and rules, there is nothing in such a general teaching that teaches or suggests to 
use object classes to represent personally identifiable information in association with rules, as 
recited in claim 1. Nowhere in Martin is there any mention of using objects to represent 
personally identifiable infomiatLon in association with rules in an information handling process. 
Moreover, there is no teaching or suggestion in Martin to use a first set of object classes 
representing active entities in an information handling process and use a second set of object 
classes representing personally identifiable information and rules in an information handUng 
process. 

Further to the above, Martin does not teach or suggest processing transactions involving 
personally identifiable information using the first set of object classes and the second set of 

(Appcllaatfl' Brief Page 6 of 25) 
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object classes so as to enforce a privacy policy, associated with the personally identifiable 
information and defined by the rules, against one or more active entities represented by the first 
set of object classes. The Fmal Office Action alleges that Martin teaches processing transactions 
involving personally identifiable information using a first set of object classes and a second set of 
object classes m the diagrams on pages 146-147 of Martin. Specifically^ the Pinal 0£5cc Action 
alleges that the identity of the customers, their salaries* employee type, etc. are personally 
identifiable information. While these may be examples of personally identifiable information, 
there is no teaching or suggestion in the diagrams on pages 146-147 to enforce a privacy policy 
associated with personally identifiable information, represented in a second set of object classes, 
against one or more active entities, i.e. human beings or legal cntitieB, represented by a first set of 
object classes. The diagrams shown on pages 146*147 of Martin have nothing to do with a 
privacy policy, let alone a privacy policy that is defined by rules m a second set of object classes, 
associated with personally identifiable information in the second set of object classes, which is 
applied against a first set of object classes that represent human beings or legal entities in an 
information handling process. 

The Final Office Action admits that Martin does not teach a first and second set of object 
classes that enforce a privacy policy. The Final Office Action states that because Martin 
allegedly teaches the implementation of rules tfarougji "active entities/' which the Examiner 
interprets as bdng any object^ and because the privacy policy of the claimed invention is 
implemented using rules, that somehow this means that the features of claim 1 are made obvious. 
A plethora of things may be modeled using rules. In fact, Martin provides exan^les of rules for 
establishing different types of pre-conditions and post-conditions, althougih it should be noted 
that in none of the examples provided in Martin is there any example of the rules being iised to 
implement a privacy policy. However, just teaching rules does not teach or suggest to use such 
rules in implementing a privacy policy or to do so in die particular manner recited in claim 1 . As 
with the rejection of all of the previous features discussed above, the Examiner's stance with 
regard to this feature is to take a very general teaching, i.e. a teaching of "rules"^ and use it to 
reject a very specific feature without even a single suggestion in the reference to apply such a 
general teaching to the specific feature of the claim. Nowhere in Martin is there any teaching or 
suggestion to use rules to implement a privacy policy, let alone to implement a privacy policy as 
Tvlcs in associated with personally id^tifiable information in a second set of object classes such 

(Appellants" Bdef Pago 7 of 25) 
Ad1eretal,-09/S 84.311 
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that the privacy policy is applied against active entities represented by a first set of object classes. 

The basic fallacy in the Examiner's position is that the Examiner is using a general 
textbook teaching of basic building blocks of object oriented environments and concluding that 
these general teachings necessarily obviate all possible uses and arrangements of these buildmg 
blocks. Appellants are not claiming objects^ rules, classes, or any of the other basic building 
blocks of an object oriented environment in themselves- To the contraiya Appellants are 
claiming a very specific arrangement of object classes and a mechanism for using this specific 
anrangement of object classes to perform information handling involving person^ly identifiable 
infomiation. 

Basically, the Examiner's position is completely based on hindsight reconstruction using 
Appellants* own disclosure as a guide. The Examin^'s rejection amounts to the Examiner 
bcUeving that the basic building blocks described in Martin could be combined to arrive at 
Appellants' claimed invention and thus, the claimed invention must be obvious. The Examiner 
completely disregards the requirement that there be a teaching or suggestion to make the 
particular arrangement of basic building blocks set forth in Martin that would arrive at the 
invention as recited in Appellants' claims. There simply is no teaching or suggestion in the 
general textbook of Martin to apply objects, mles, classes, etc. to information handling in tiie 
particular manner set forth in claim 1, as discussed at lengdi above. 

Independent claims 12 and 15 provide system and computer-usable medium claims 
havmg features that are similar to those discussed above with regard to claim 1 . Therefore, these 
claims are distinguished over Martin for similar reasons as set forth above with regard to claim 1 . 

In view of the above, Appellants respectfully submit that Martin does not teach or suggest 
the features recited in claims 1,12 and 15» At least by virtue of their dependency on claim 4, 
Martin does not teach or suggest the features of dependent claims 2-3, 13* 14 -and 16-20. 

B. Independent Claim 4 

With regard to independent claim 4, recites a particular method in which an initial 
assessment of an information-handling process is performed, a model of the information- 
handling process is constructed based on the initial assessment, and output is provided based on 
the initial ass^sment and constructing, that identifies at least one way in which personally 

(AppcUants' Brief Pege 8 of 25) 
Adleretal.- 09/884,311 
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identifiable information could be better handled, The Final Office Action alleges that Martin 
teaches providing output, based on an initial assessment and constructing a model of an 
information handling proems, that identifies at least one way in which personally identifiable 

information may be better handled simply because Martin teaches the use of CRC cards at pages 
187-190, 

While Martin mentions the use of CRC.cards, which are physical index cards used by 
pitjgrammers to represent classes in an object oriented model, and the desire of programmers to 
**think like an object,'* nowhere in Martin is there any teaching or suggestion of a methodology in 
a data processing system for analyzing an information handling process, constructing a model of 
the information handling process, or generating an output that identifies at least one way in which 
personally identifiable information can be better handled by the mformation handling process, as 
recited in claim 4. To the contrary, Martin is merely describings in general^ a maniial, index card 
based, technique by which programmers may try to gain some insight into how the classy and 
objects of an object oriented model may operate, Martin does not teach anything regarding 
personally identifiable infoimation, handling personally identifiable informaticn, or performing 
an assessment, constructing a model, or determiniag an improvement to a personally identifiable 
information handhng process. 

Moreover, nowhere in Martin is there any teaching or suggestion regarding representing 
entities, data; and rules in an information handling process by using a limited number of object 
classes, representing operations performed on data by using a limited number of privacy-related 
actions, and r^esenting transactions by using the limited number of object classes 
and the limited number of privacy-related actions. The Final Office Action alleges that these 
features are taught by Martin at page 19, 140, 146-147, 1S6 and 166, Page 19 of Martin merely 
teaches that '"operations" are used to read or manipulate data of an object* Page 19 does not 
teach anything regarding privacy-related actions or representing transactions using such privacy 
related actions. Page 140 ofMartin merely teaches WHEN-IF-THEN trigger rules. Nowhere on 
page 140 is there any teaching or suggestion regarding privacy related actions or using privacy 
related actions along with objects representing entities, data and rules to represent transactions. 

Pages 146-147 of Martin have been addressed above with regard to claim 1 . These pages 
of Martin merely pro vide example diagrams of rules liked to object oriented CASE diagrams. 
Nowhere in any of the diagrams provided on pages 146-147 is there any teaching or suggestion 

(Appellants' Brief Page 9 of 23) 
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regarding representing objects pcrfbimed on data as a limited number of privacy-related actions 
or using such privacy-related actions along with objects representing entities, data and rul^ to 
represent transactions. 

Similarly^ pages 156 and 166 of Martin do not provide any teaching or suggestion 
regarding these features. Page 156 of Martin provides an example object-relationship model for 
students and classes. Again^ there is no teaching or suggestion regarding representing objects 
perfomied on data as a limited number of privacy-related actions or using such privacy-related 
actions along with objects representing entities^ data and rules to represent transactions. Page 
166 of Martin provides an event diagram example which again, has nothing to do with ttiese 
features of claim 4. As with claim 1 above, while Martin provides teachings regarding some 
basic building blocks of object oriented enviroiunents« Martin does not provide any of the 
specific features recited in claim 4. 

Jn view of the above, Appellants respectfully submit that Martin does not teach or suggest 
the features recited in claim 4. At least by virtue of their dq)endency on claim 4, Martin does not 
teach or suggest the feature of dependent claims S-1 1« 

C. Dependent Claims 

1. Dependent Claims 3, 14 and 17 

The rejection of the dependent claims is respectfully traversed for at least the same 
reasons set forth above with regard to claims 1, 12 and IS, from which claims 3| 14 and 17 
depend, respectively. In addition. Appellants respectfully traverse the Examiner's taking of 
Official Notice that representing rules as a filled paper form, including both collected data and 
rules regarding said collected data, was well known in the art at the time of the invetition. While 
electronic forms may iiave been generally known, associating rules with data collected by such 
electronic forms in said electronic forms was not know prior to Appellants' claimed invention. 

In response to this argument, the Examiner states that examples of an object class 
representing a filled paper form including both collected data and rules regarding the collected 
data include contracts signed by parties. In the Exandner's ""Response to Amendments" (see 
Final Office Action, page 3), the Examiner states that a common example of this feature is a legal 

(Appcll&ms' Bwf Page 10 of 25) 
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contract, such as the contract for sale of a house which involves the collection of data and would 
thereby form the set of rules to apply to the collected data. Appellants respectfully disagree. 

While these examples that the Exanaincr provides are aU good examples of paper fomis, 
they are not object classes that represent a filled paper form having collected data and rules 
regarding the collected data. Nowhere in the example of a paper contract is there any teaching or 
suggestion to represent such a p^er contract as at least one object class having collected data and 
rules regarding collected data. 

Moreover, the Examiner's allegation that the legal contract include collected data and 
rules regarding the collected data is simply incorrect. While legal contracts do have information 
that is filled into them, the content of the contract does not regard the information that is filled in, 
but rules to be applied to the subject of the contract. For example^ inserting the address of the 
house that is the subject of the sale does not mean that the "Vules" in the contract apply to the 
address information that was entered. To the contrary, the rules in the contract ^ly to the 
parties involved in the sale. Nowhere in the sale contract is there any rule regarding how the 
infomiation filled into the contract may be used. Thus» the Examiner's allegation is completely 
without merit. 

Moreover, even if electronic fonns having collected data and associated rules were 
known prior to Appellants' invention, there is no teaching or suggestion to include such a feature 
in the mechanisms of Martin, As discussed previously, Martin is merely a general textbook 
describing the basic building blocks of object-oriented models. Martin does not provide any 
teaching or suggestion of any problem for which electronic forms having collected data and 
associated rules would be a solution. The only basis for asserting such a combination is a 
hindsight reconstruction of Appellants' claimed invention using Appellants' ovm disclosure to 
provide the suggestion for making the combination. Such a combinationy predicated on 
knowledge of Appellants' claimed invention, is impermissible as a basis for establishing a prima 
&cie case of obviousness. 

Furthermore, even if such a combination were possible and there were a suggestion in 
Martin to include such electronic forms with collected data and associated rules, the result still 
would not be the invention as recited in claims 3, 14 and 17. As discussed above, Martin does 
not provide any teachings or suggestions regarding the features of independent claims 1, 12 and 
15* The inclusion of an electronic form with collected data and associated rules would not 
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provide for this deficiency in MartiiL Thus, the combination stiU would not result in the 
invention as recited in claims 3, 14 atid 17* In view of the above, Appellants respectfiilly submit 
that Martin does not teach or suggest the features recited in dependent claims 3, 14 and 17. 

2. Dependent Claims S. 6. 7 and 9 

With regard to dependent claim 5, Martin does not teach providing output comprises 
identifying at least one way in which an information handling process can be improved The 
Final Office Action alleges that this feature is taught by Martin at pages 1 87-190 because Martin 
teaches using CRC cards to gain a better understanding of how to handle the object model. The 
u&e of CRC cards has been addressed above with regard to claim 4. Using CRC cards, which 
again are physical index cards that a programmer may use as a tool to understand how objects 
work with each other, does not provide any output that identifies at least one way in which an 
information handling process can be improved. A human being, ^i^g physical cards, does not 
constitute a data processing system that provides an output. Thus, the whole premise of the 
Examiner's rejections based on the use of CRC cards is critically flawed. Nowhere in the Martin 
reference is there any teaching or suggestion to automate CRC cards such that a data processing 
system uses such CRC cards to gen^e an output that identifies a way in which an mformation 
handling process can be improved. While CRC cards may be a nice tool for programmers to use^ 
it does not obviate the features of claim 5. Thus, in view of the above, Appellants respectfully 
submit that Martin does not teach or suggest the features of claim 5. 

The Examiner uses the same flawed reasoning in rejecting claims 6, 7 and 9. Claim 6 
recites that providing output further comprises identifying at least one way to improve 
compliance with a law or contract. Just as CRC cards do not teach or suggest providing an 
output that comprises at least one way m which an information handling process can be improved 
(claim S), CRC cards do not provide any teaching or suggestion regarding providing an output 
that identifies a way to improve compliance with a law or contact. 

Claims 7 and 9 are rejected "for the same reasons as claim 5." Claim 7 recites enforcing 
compliance with a law or contract. This feature is not taught or suggested by the use of CRC 
cards. Claim 9 recites that designing a modification further comprises designing a modification 
to improve compliance with a law or contract governing an information handling process. 

(AppeUantfi* Brief Page 12 of 25) 
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Again, using CRC cards does not teach or suggest designing a modification that improves 
compliance with a law or contract governing an infoimation handling process. Thus, in view of 
the above, Appellants respectfully submit that Martin does not teach or suggest the features in 
claims 5, 6, 7 and 9* 

3. Dependent Claim 8 

Rjegarding claim 8, Martin does not teach or suggest designing a modification to an 
information handling process based on construction a model and providing output that identifies 
at least one way in which personally identifiable information could be better handled. The Final 
Office Action alleges that this feature is taught by Martm because Martin supposedly teaches that 
Modifications are constantly being designed in the creation of the object oriented model of the 
system from the creation of the model, to the creation of its design, to the generation of the code" 
at page 60. All this teaches is that the object oriented model may undergo many modifications. 
Where does this teach anything regarding devising a modification based on a construction of the 
model and providing an output that identifies at least one way in which personally identifiable 
information could be handled ? Once again, the Examiner takes a general statement in Martin 
and alleges that this general statement teaches a very specific feature recited in the claims without 
any support what-so-ever. 

Appellants agree that object oriented models do undergo many modifications during their 
creation. Hiis is not what Appellants are claiming. Appellants are specifically claiming the 
designing of a modification to an information handling process based on constructing a model 
and providing cutout that identifies at least one way in which oerBonallv identifiable information 
could be better handled . Such a feature is not taught or suggested by merely stating that object 
models undergo many modificatioiis. Thus, in view of the above, Appellants respectfully submit 
that Martin does not teach or suggest the features of claim 8. 



(AppellantB' Brief 13 of 25) 
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4, De pcaident Claims 1 8 and 20 

Claim 1 8, which is representative of similar features found in dependent claim 20\ reads 
as follows: 



18. The method of claim 1» wherein: 

a first active entity represented by a first object class in said first set of 
object classes is a first data user that requests said nersoiiallv identifiable 
informgrion from a data subject that is a secomd active entity represented by a 
second object class in said first set of object classes, 

said data subject is an active entity that is personally i dentifiable bv said 
personallv identifiable information : 

a third active entity represented by a third object class in said first set of 
object classes is a second data user that requests personallv identifiable information 

from said first data user, and 

said rules define if and how said personallv identifiable in foimation may be 
provided^ bv said first data usen to said second data user , 

Thus, in claim 1 8 there is a data subject that is personally identifiable by the personally 
identifiable information, a first data user that requests the personally identifiable information 
from the data subject, a second data user that requests the personally identifiable information 
&om the first data user, and rules that govern if and how the personally identifiable information 
may be provided by the first data user to the second data user. None of these feanires are taught 
or suggested by Martin. 

The Final Office Action alleges that these features are taught by Martin in Figure 11.13 
and its cocresponding description. Specifically , the Final Office Action states that a first active 
entity is a student represented by a person object ttiat requests personally identifiable information 
fit)m a data subject, wherein the personally identifiable information is a registration. 
Conspicuously missing from the Examiner's explanation of how Figure 11.13 supposedly 
teaches all of the features of claims 18 and 20 is any explanation of where in the figure the 
second data user is represented. That is because Figure 1 L 13 has nothing to do with the features 



^ It is noted that the Final Office Action alleges thai claim 20 is "substantially similar'* to claim 
12 and is rejected for the same reasons. Claim 20 is not substantially similar to claim 12 but is 
similar to claim 18 and is dependent fiom claim 12. Therefore, Appellants are treating claim 20 
in a similar fashion as claim 18 in Appellants' arguments. 
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of claims 18 snd 20 and the Examiner is attempting to force Figure 11 .13 to fit the mold of 
claims 18 and 20 using hindsight. 

Nowhere in Figure 1 1.13 or its corr^ponding description is there any teaching or 
suggestion regarding one data user requesting infonnation from another data user about a data 
subject where rules govern if and how the information may be provided by the first data user to 
the second data user. The Examiner has pointed to an arbitrary and irrelevant portion of the 
Martin reference. Figure 11 . 1 3 is actually an event diagram illustrating a registration event in 
which a student registers, a dormitory room is obtained, and the student is invoiced. This has 
nothing to do with the features of claims 1 8 and 20. 

In view of the above, Appellants respectfully submit Aat Martin does not teach or suggest 
the features of dependent claims 18 and 20. 

5. Dependent riai-m 19 

Dependent claim 19 recites transforming, based on the rules, personally identifiable 
information into a depersonalized fbmiat prior to providing the p^onally identifiable 
information to the second data usier. The Final Office Action alleges that this feature is taught by 
Martin at page 166. The Final Office Action alleges that the registration information is a 
depersonalized format^ but is specific to a particular student when a student makes the 
registration. Appellants respectfully disagree. 

As set forth in the pr^ent specification on page 13, lines 6-9, depersonalized data is 
personally identifiable information where the link to the data subject is not visible and cannot be 
established without knowing some additional information. A registration of a studrait is not 
depersonalized information. To the contrary, the registration requires tfiat the student be 
identifiable fi*om the information. Thus^ the Examiner*s allegations in the Final OfEce Action 
are simply incorrect. Once again, the Examiner is randomly selecting portions of the Martin 
re f e ren ce and attempting to force them into the mold of the present claims regardless of the fact 
that they simply do not have anything to do with the present claims. Nowhere in Martin is there 
any teaching or suggestion to transform personally identifiable information into a depersonalized 
format prior to providing the personally identifiable information to a second data user. In view 
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of the above» Appellants respectfully submit that Martin does not teach or suggest the features of 
dependent claim 19. 

Vni. Conclttslon 

In view of the above» >^)pellants respectfully submit that the features of claims 1*20 are not 
taught or suggested by the Martin referee. Accontiugly, Appellants request that the Board of 
Patent Appeals and Interferences oveitum the rejections set forth in the Final Office Action. 



Respectfully submitted. 




Walder InteUectual Property Law, P.C. 

P,0, Box 832745 
Richardson, TX 75083 
(214)722-6419 
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CLAIMS API>ENDIX 

1 . A method, in a data processing system, for handling personally identifiable information, 
said method comprising: 

providing, in a computer, a first set of object classes representing active entities in an 
iEifonnation-handling process, wherein a limited number of privacy-related actions represent 
operations performed on data; 

providing, in said computer, a second set of object classes representing data and rules in 
said information-handling process, wherein at least one object class has said rules associated with 
said data, and wherein said data represents said personally identifiable information; and 

processing transactions, in the data processing system, involving said personally 
identifiable information, using said computer and said first and second set of object classes, so as 
to enforce a privacy policy, associated with the personally identifiable information and defined 
by said rules, against one or more active entities represented by said first set of object classes. 

* 

2. Hie method of claim 1, wherein said first set of object classes include one or more object 
classes representing parties, selected from the group consisting of 

a data user object class, 
a data subject object class, 
a guardian object class, and 
a privacy authority object class. 
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3. The method of cledm 1 , wherein said at least one object class, havmg said rules associated 
with said data, represents a filled paper fbtm, including both collected data and rules regarding 
said collected data. 

4. A method, in a data processing sj^tcm, for improving the handling of personally 
identifiable information, said method comprising; 

performing^ in the data processing system^ an initial assessment of an infoimation- 
handling process; 

constmcting^ in said data processing system^ a model of said information-handling 
process, based on said initial assessment; and 

providing output, &om said data processing system, based on said initial assessment and 
constructing, that identifies at least one way in which said personally identifiable information 
could be better handled; 

wherein said constructing includes: 

representing entities, data, and rules in said informatioib-handling process by 
using a limited number of object classes; 

representing operations performed on data by using a limited number of 
privacy-related actions; and 

representing transactions by using said limited number of object classes 
and said limited number of pri vac>^-related actions. 

5. The method of claim 4» wherein said providing output further comprises identiiying at 
least one way in which said information-handling process could be improved, 

(Appellams' Brief Page IS of 25) 
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6. The method of claim 4» wherein said providing output further comprises identifying a.t 
least one way to improve compliance with a law or contract 

7, The method of claim 4, further comprising enforcing compliance with a law or contract. 

8. The method of claim 4» further comprising designing a modification to said infonnation- 
handling process^ based on said constructing and providing. 

9, The method of claim 8, wherein said designing a modification further comprises 
designing a modification to improve compliance with a law or contract govcming $aid 
information handling process. 

10« The method of claim 4, wherein said limited number of object classes includes one or 
more object classes representii^g parties selected from the group consisting of 

a data \iser object class, 

a data subject object class, 

a guardian object class, and 

a privacy authority object class. 

1 1 . The method of claim 4« wherein said limited number of object classes include at least one 
object class wherein rules ere associated with data* 
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12. A system for handling personeilly identifiable infonnation, said system comprising: 
means forpioviding, in a computer^ a first set of object classes representing active entities 

in an information-handling process^ wherein a limited number of privacy-related actions 
represent operations perfomied on data; 

means for providing, in said computer, a second set of object classes representing data 
and rules in said information-handling process, wherein at least one object class has said rules 
associated with said data^ and wherein said data represents said personally identifiable 
information; and 

means for processing transactions, in a data processing system, involving said personally 
identifiable inlbrmation, using said computer and said first and second set of object classes, so as 
to enforce a privacy policy* associated with the personally identifiable information and defined 
by said ruleSj against one or more active entities represented by said first set of object classes. 

13. The system of claim 12, wherein said first set of object classes include one or more object 
classes selected from the group consisting of 

a data user object class, 
a data subject object class^ 
a guardian object class, and 

a privacy authority obj ect class. 

14. The system of claim 12, wherein said at least one object class, having said rules 
associated with said data, represents a filled paper form, including both collected data and rules 
regarding said collected data. 
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15. A computer-usable medium having computer-executable instractions for handling 
personally identifiable information, said computer executable instructions comprising: 

means for providing in a computer a first set of object classes representing active entities 
in an infonnation-handling process, wherein a limited number of privacy-related actions 
represent operations performed on data; 

means for providing in said computer a second set of object classes representing data and 
rules in said information-handling process, wherein at least one object class has said rules 
associated with said data, and wherein said data represents said personally identifiable 
information; and 

means for processing transactions^ in a data processing system^ involving said personally 
identifiable information, using said computer and said first and second set of object classes, so as 
to enforce a privacy policy, associated with the personally identifiable information and defined 
by said rules, against one or more active entities represented by said first set of object classes. 

16. The computer-usable medium of claim 15, wherein said first set of object classes include 
one or more object classes representing parties^ selected fiom the groi^ consisting of 

a data user object class* 
a data subject object class, 
a guardian object class, and 
a privacy authority object class. 
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1 7. The computer-usable mediiun of claim 15, wherein said at least one object class, having 
said rules associated with said data, represents a filled paper foim, including both collected data 
and rules regarding said collected data. 

1 8 . The method of claim 1 ^ wherein: 

a fiist active entity represented by a first object class in said first set of object classes is a 
first data user that requests said personally identifiable infomiation from a data subject that is a 
second active entity represented by a secoiKl object class in said first set of object classes, 

said data subject is an active entity that is personally identifiable by said personally 
identifiable information; 

a third active entity represented by a third object class in said first set of object classes is a 
second data user that requests personally identifiable information fiom said first data user, and 

said rules define if and how said personally identifiable infomiation may be provided, by 
said first data user, to said second data user. 

19. The method of claim 18, fimher comprising: 

transfomiing» based on said mles, said personally identifiable infomiation into a 
depersonalized format prior to providing said personally identifiable infomiation to the second 
data user. 

20. The system of claim 12, wherein: 

a first active entity represented by a first object class in said first set of object classes is a 
first data user that requests said personally identifiable infomiation from a data subject that is a 
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second active entity represented by a second object class in said first set of object classes, 
said data subject is an active entity that is personally identifiable by said personally 

identifiable information; 

a third active entity represented by a third object class in said first set of object classes is a 

second data user that requests personally identifiable information fix>m said first data user, and 
said rules define if and how said personally identifiable information may be provided, by 

said first data user, to said second data user. 
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EVTOENCE APPENDIX 



NONE 
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RELATED PROCEEDINGS APPENDIX 



NONE 
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